jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/380682 )
Change subject: CRM-21022 - Parameterize variables in SQL query ...................................................................... CRM-21022 - Parameterize variables in SQL query https://github.com/civicrm/civicrm-core/pull/11002 Change-Id: I80709653a756f88c52c5350f67467876cbb69350 --- M CRM/Report/Page/InstanceList.php 1 file changed, 14 insertions(+), 9 deletions(-) Approvals: Mepps: Looks good to me, approved jenkins-bot: Verified diff --git a/CRM/Report/Page/InstanceList.php b/CRM/Report/Page/InstanceList.php index fa4e74e..663baa8 100644 --- a/CRM/Report/Page/InstanceList.php +++ b/CRM/Report/Page/InstanceList.php @@ -85,8 +85,11 @@ public function info() { $report = ''; + $queryParams = array(); + if ($this->ovID) { - $report .= " AND v.id = {$this->ovID} "; + $report .= " AND v.id = %1 "; + $queryParams[1] = array($this->ovID, 'Integer'); } if ($this->compID) { @@ -95,7 +98,8 @@ $this->_compName = 'Contact'; } else { - $report .= " AND v.component_id = {$this->compID} "; + $report .= " AND v.component_id = %2 "; + $queryParams[2] = array($this->compID, 'Integer'); $cmpName = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_Component', $this->compID, 'name', 'id' ); @@ -106,10 +110,12 @@ } } elseif ($this->grouping) { - $report .= " AND v.grouping = '{$this->grouping}' "; + $report .= " AND v.grouping = %3 "; + $queryParams[3] = array($this->grouping, 'String'); } elseif ($this->myReports) { - $report .= " AND inst.owner_id = " . CRM_Core_Session::getLoggedInContactID(); + $report .= " AND inst.owner_id = %4 "; + $queryParams[4] = array(CRM_Core_Session::getLoggedInContactID(), 'Integer'); } $sql = " 
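Review bot: The placeholder keys are fixed per filter (`%1` here, `%2`, `%3` and `%4` in the later hunks of this file, `%9` for the domain), but nothing at `$queryParams = array();` records that. The next filter added to this chain could reuse a slot and overwrite an earlier binding. A comment on that line would make the scheme explicit, for example `// Placeholder slots: %1 ovID, %2 compID, %3 grouping, %4 owner, %9 domain.`. info() starts and ends outside this hunk.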
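Review bot: In the `myReports` branch the value bound to `%4` comes straight from `CRM_Core_Session::getLoggedInContactID()`, which presumably returns null when no contact is logged in. Bound as 'Integer', a null would likely fail type validation inside executeQuery and abort the page rather than yield an empty list. If this page can be reached without a logged-in contact (not visible from here), fetch the ID into a local first, `$cid = CRM_Core_Session::getLoggedInContactID();`, and only add the clause and `$queryParams[4] = array($cid, 'Integer');` when it is set. The enclosing if/elseif chain begins outside this hunk.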
@@ -129,12 +135,11 @@ ON v.component_id = comp.id WHERE v.is_active = 1 {$report} - AND inst.domain_id = %1 - ORDER BY v.weight"; + AND inst.domain_id = %9 + ORDER BY v.weight ASC, inst.title ASC"; + $queryParams[9] = array(CRM_Core_Config::domainID(), 'Integer'); - $dao = CRM_Core_DAO::executeQuery($sql, array( - 1 => array(CRM_Core_Config::domainID(), 'Integer'), - )); + $dao = CRM_Core_DAO::executeQuery($sql, $queryParams); $config = CRM_Core_Config::singleton(); $rows = array(); -- To view, visit https://gerrit.wikimedia.org/r/380682 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I80709653a756f88c52c5350f67467876cbb69350 Gerrit-PatchSet: 1 Gerrit-Project: wikimedia/fundraising/crm/civicrm Gerrit-Branch: master Gerrit-Owner: Eileen <emcnaugh...@wikimedia.org> Gerrit-Reviewer: Ejegg <ej...@ejegg.com> Gerrit-Reviewer: Mepps <me...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
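Review bot: The new `ORDER BY v.weight ASC, inst.title ASC` line changes the order of the returned rows, which the commit subject (parameterizing SQL variables) does not cover. Mixing a behaviour change into an injection fix makes the security patch harder to review and to backport in isolation. Either move the sort change to its own commit or name it in the description. The statement that builds `$sql` starts outside this hunk.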